The Internet of Things – A Major Cybersecurity Risk
In a recent post John Baker (http://www.silvervinesoftware.com/blog/are-home-based-iot-cyber-exposures-part-of-your-insurance-strategy?utm_source=LinkedIn%20Groups&utm_) describes how in 2016 three Internet gamers inadvertently created a botnet named Mirai which took over about 600,000 devices worldwide, including the entire internet of Liberia. How did this happen? The gamers never changed their default security settings.
When a consumer purchases one of the many devices which make up the “Internet of Things”, manufacturers instruct them to customize the default username and password (typically “admin” and “password” respectively). It only takes a few minutes, and your device is more secure. Yet not only individuals but major companies (Equifax, for example) fail to take this elementary security measure. These failures lead to billions of dollars of damages.
The risks of IoT devices go beyond hacked default passwords. Vulnerabilities have been found in implantable cardiac devices (hackers could literally kill someone). Security cameras with faulty software will let hackers see, and sometimes hear, what is going on. Other vulnerable devices include parental control systems, smart locks and mobile voice assistants.
There is probably no absolute security against these risks. Strong passwords and blocking links between IoT devices and business computer systems will help. Questions of liability between the user and manufacturer remain to be decided. Insurance policies may or may not provide coverage. The best strategy is to be aware of the risks and do what you can to mitigate them.